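import type { NextFunction, Request, Response } from 'express'
import db from '../db.js'

/**
 * Row returned by `SELECT * FROM sessions` for a valid, unexpired session.
 * Attached to `req.session` by {@link sessionAuth}.
 */
export interface SessionData {
  id: string
  user_id: number
  access_token: string
  site_id: number
  site_url: string
  user_info: string
  /**
   * Dashboard admin flag read by {@link adminAuth}; only its truthiness is used.
   * NOTE(review): the column's storage type is not visible here (SQLite commonly
   * uses 0/1) — confirm against the schema.
   */
  is_admin?: number | boolean
}

declare global {
  namespace Express {
    interface Request {
      session?: SessionData
    }
  }
}

/**
 * Express middleware: resolves the `x-session-token` header to an unexpired
 * session row and stores it on `req.session`.
 *
 * Responds 401 (and does not call `next`) when the header is missing, empty,
 * not a single string, or does not match a row whose `expires_at` is still in
 * the future (compared against SQLite's `datetime('now')`).
 *
 * @param req - incoming request; `req.session` is set on success
 * @param res - used only to send the 401 response
 * @param next - invoked once `req.session` is populated
 */
export function sessionAuth(req: Request, res: Response, next: NextFunction): void {
  const rawToken = req.headers['x-session-token']
  // The header type is string | string[] | undefined. Only a single non-empty
  // string is accepted as a token; anything else is rejected before it reaches
  // the query instead of being cast to string.
  if (typeof rawToken !== 'string' || rawToken === '') {
    res.status(401).json({ success: false, message: '未登录' })
    return
  }

  // Parameterized lookup; the expiry check is done in SQL so a stale row is
  // never attached to the request.
  const session = db
    .prepare("SELECT * FROM sessions WHERE id = ? AND expires_at > datetime('now')")
    .get(rawToken) as SessionData | undefined

  if (!session) {
    res.status(401).json({ success: false, message: '会话已过期,请重新登录' })
    return
  }

  req.session = session
  next()
}

/**
 * Express middleware: requires a valid session (via {@link sessionAuth}) whose
 * row carries a truthy `is_admin` flag.
 *
 * Responds 401 for a missing/expired session and 403 for a non-admin session;
 * calls `next` only for an admin session.
 *
 * @param req - incoming request; `req.session` is populated by sessionAuth
 * @param res - used to send the 401/403 responses
 * @param next - invoked only when the session is an admin session
 */
export function adminAuth(req: Request, res: Response, next: NextFunction): void {
  sessionAuth(req, res, () => {
    // sessionAuth only reaches this callback after assigning req.session;
    // the guard keeps the narrowing explicit rather than relying on that.
    if (!req.session) return
    // Truthiness check on purpose: the flag may be stored as 0/1 or a boolean.
    if (!req.session.is_admin) {
      res.status(403).json({ success: false, message: '需要 Dashboard 管理员权限,请先升格' })
      return
    }
    next()
  })
}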